What's the connection between SSL and Https,http?

Source: Internet
Author: User
Tags ssl certificate

someone asked: What is the difference between HTTP and HTTPS?

HTTP, the full name "Hyper Text Transfer Protocol", is the default protocol used when visiting a Web site from a browser. Because the data transfer between the browser and the website is plaintext, it is vulnerable to man-in-the-middle attack and eavesdropping, and not suitable for transmission of sensitive information such as bank account, password, etc. such as Sina http://www.sina.com.cn.

HTTPS, on behalf of Hyper Text Transfer Protocol Secure, the SSL/TLS encryption and authentication functions into the HTTP protocol, before the information is transmitted through the SSL/TLS protocol encryption, the received information will first be decrypted by the browser, and then show that So as to ensure the security of online transactions. HTTPS is widely used in the fields of online trading \ Payment \ Sensitive information download (such as e-mail). such as ICBC Online banking

How to enable HTTPS

In order to prepare the Web server for accepting HTTPS connections, an administrator must create an SSL certificate for the Web server. This certificate must be accepted by a certificate authority that is trusted by a browser, such as VeriSign, GlobalSign, GeoTrust, Thawte, Comodo, and so on. When the browser is published, it has built in the signature certificate of the primary certification authority, enabling them to verify the certificate they signed.

Get a certificate

is to purchase a trusted international SSL certificate from an SSL agent. Users do not need to install plug-ins and are directly accessible.

There are also untrusted CA institutions or individuals that issue self-signed certificates, but users need to manually add the signed certificate that is not built into the browser to the list of trusted root certificates.

TLS and SSL protocol

The Transport layer Socket and secure Socket layer are essentially the same, which is a security protocol that combines encryption and authentication, and is supported by default for all applications, such as browsers, Iis,apache,exchange servers, and so on.

TLS was developed into the standard RFC5246 of the IETF of the International Standard Organization on the basis of SSL (launched by the earliest browser vendor Netscape).

The TLS protocol allows client/server applications to communicate over the network to prevent eavesdropping, interference, and falsification of information.

TLS uses encryption and digital signature technology to provide authentication and communication over the Internet at the point of confidentiality. The encryption strength can reach 1024 or 2048 bits.

In typical end-user/browser use, TLS authentication is unilateral: only the server authenticates (the client knows the identity of the server), not the opposite (the client is still unauthenticated or anonymous). Strictly speaking, server authentication is not exactly the same as the browser (tool) and end user (personal) meaning. For a browser, it simply means that the browser authenticates the server's certificate, that is, the issuing authority that checks the server certificate is trusted and has a complete chain of trust. Once verified, the browser displays a security icon (such as a "small lock" on the status bar). However, simply verify that the server is not "OK" to the end user.

For end users, it is a good idea to do one of the following: Check the root information of the certificate authority and the CA trust chain of the certificate.

In particular: in the "small lock" icon, does not mean that the site visited is trustworthy, but the browser to the site information is encrypted, to avoid misunderstanding. A malicious Web site cannot use a valid certificate from another site, because their URL and SSL certificate are one by one corresponding. Because only trusted CAs can embed URLs in certificates, it is a good way to ensure that URLs that are clearly identified with the URL specified in the certificate are checked against the real site.

TLS also supports a more secure two-way authentication mode (typically in an enterprise application) where a client (usually a browser) verifies not only the secure Web site, but also the identity of the client (requiring the installation of a client or a personal certificate). Clients that require two-way authentication also hold certificates.

The establishment of the TLS/SSL protocol involves three basic stages:

1. Peer negotiation for algorithm supporthttp://en.wikipedia.org/wiki/transport_layer_security peering negotiation
2. Key exchange and authentication key exchange and authentication
3. Symmetric cipher encryption and message authentication symmetric password encryption and messaging authentication

OpenSSL is a strong Secure Sockets Layer cipher library that includes key cryptographic algorithms, common key and certificate encapsulation management functions, and SSL protocols, and provides a rich set of applications for testing or other purposes. After OpenSSL was exposed to a critical security vulnerability, it found that most websites encrypted via the SSL protocol use an open source package called OpenSSL. Because this is the Internet application the most extensive secure transmission method, by the net silver, the online payment, the e-commerce website, the portal website, the e-mail and so on important website widespread use, therefore this flaw affects the broad scope. The OpenSSL vulnerability not only affects sites beginning with HTTPS, but hackers can also exploit this vulnerability to initiate a "heart Bleed" (Heartbleed) attack directly on personal PCs. It is analyzed that there is a large number of software on windows that use a vulnerable OpenSSL code base that could be hacked to crawl memory data on a user's computer.

For more information, see

Http://en.wikipedia.org/wiki/Transport_Layer_Security

What is the connection between SSL and Https,http

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.